Romania has long been considered a hotbed for cybercriminal activity, but in recent years law enforcement authorities have made significant efforts to crack down on online fraud gangs that steal millions every year from victims worldwide.

Media reports and official statistics both show a visible increase in the number of law enforcement actions in this area. The Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT) reported 1,157 cybercriminal investigations opened in 2010, with 977 new cases already registered during the first eight months of this year.

The fact that law enforcement authorities are making efforts to bring those responsible to justice can only be a good thing but, according to Bogdan Manolea, cyberlaw expert and executive director of the Romanian Association for Technology and Internet (ApTI), this is only treating the symptom and not the cause.

"As long as the Romanian authorities only treat this problem as individual cases and not as a phenomenon, I don't think there's much progress to be made in the long or medium term," Manolea said.

Despite DIICOT's increasing efforts to stamp out cybercrime, more and more teenagers are getting involved in such activities, and backsliding after serving prison time for associated offenses. This happens because of a combination of factors, from the poor state of the economy and the lack of work opportunities to sentences that some consider too lenient. However, little is being done to identify and tackle the causes.

"I'm talking about the need and capacity of the authorities to work with the private sector towards determining the factors that transformed this into a phenomenon, the motives of those involved, the prevalence of the problem, and to adopt solutions at the national level that discourage the involvement of young people in this type of activity. So far we're pretty bad at this," Manolea said.

Nearly all forms of cybercrime are present in Romania, including fake online auctions, VoIP fraud, credit card cloning and the manufacturing of skimming devices. The most popular type of online fraud among Romania's cybercriminals, though, is phishing.

The simplicity of phishing might explain why it is so attractive to Romanian fraudsters. Despite being a significant threat for years now, phishing attacks continue to have a high success rate because protection largely relies on user education.

Phishing is so widespread in Romania that it has almost become a national brand, coloring how foreigners perceive the country, especially in cyberspace.

Another reason for phishing's popularity is that it is not heavily punished. DIICOT announcements and news articles frequently mention sentences with a maximum 20 years in prison, but the actual punishments are far less than that.

Manolea analyzed public data on court rulings and found that average phishing sentences are between two and four years in prison. Defendants receive suspended sentences in some cases.

Each case has attenuating or aggravating circumstances and it's normal for the maximum sentence to only rarely be handed down, Manolea noted. However, the big difference between reported and actual punishments distorts the public opinion and leads to feelings that the legal system is broken.

Manolea doesn't believe that harsher sentences are a solution, because such measures hardly ever lead to a decrease in the number of crimes. However, he feels that the social dangers associated with these acts should be discussed more.

"This topic hasn't been debated enough, with only one or two events dedicated to cybercrime each year. There are probably some judges that don't yet have a clear picture of what these teenagers actually do," he said.

Despite increasing collaboration with foreign partners -- DIICOT exchanges information with law enforcement agencies in more than 50 countries, a spokesperson said -- there are still many hurdles that prosecutors face when building their cases. The anonymity conferred by the Internet and the hard task of identifying and questioning victims, especially when most of them are foreign citizens, are just some of them.

It's not only Romanian authorities that are cracking down on cybercrime. Other Eastern European countries with long histories of online fraud, including Ukraine and Bulgaria, have also stepped up their efforts. However, these governments haven't yet realized that raising awareness and educating youngsters is as important as putting criminals behind bars.

Latest Videos

​Email fraud is nothing new, but online criminals have become ever more-effective at spoofing their identities to trick employees into sending them money. The Australian Centre for Cyber Security (ACSC) recorded losses of over $20M to business email compromise (BEC) attacks last year alone, up 230 percent over the previous year – and the full amount is certain to be much larger.​

No matter how robust your security, or how diligent your employees, network credentials are a free pass for cybercriminals. This is mostly because employees are relied upon for their own password management. And with more than 4.8 billion sets of stolen credentials said to be available online, odds are that at least a few of your employees’ user IDs and passwords are just waiting to be used by unscrupulous outsiders. Are you ready to stop them?

Cyber resilience will be particularly important as Australian organisations face increased pressure to quickly detect, respond to, and manage the repercussions of breaches in the wake of 2018’s Notifiable Data Breaches (NDB) scheme.

Copyright 2018 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.